First published: Mon Oct 12 2015
Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality.

It was found that the code which checked that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2012-6153, CVE-2014-3577)

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. (CVE-2013-7285)

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java. (CVE-2014-0107)

It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. (CVE-2014-0248)

It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. (CVE-2014-3530)

It was discovered that the implementation used by the Not Yet Commons SSL project to check that the server host name matches the domain name in the subject's CN field was flawed. This could be exploited by a man-in-the-middle attacker by spoofing a valid certificate using a specially crafted subject. (CVE-2014-3604)

Red Hat would like to thank Alexander Papadakis for reporting CVE-2014-3530. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security, the CVE-2014-3604 issue was discovered by Arun Babu Neelicattu of Red Hat Product Security, and the CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.

All users of Red Hat JBoss SOA Platform 5.3.1 as provided from the Red Hat Customer Portal are advised to apply this security update.
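As an added example (not PicketLink's, JBoss's or the advisory's own code) of the hardening that addresses the entity-expansion weakness described for CVE-2014-3530: a DocumentBuilderFactory configured so that DOCTYPE declarations, and with them entity expansion, are refused, compared against a default factory on a constructed sample document. The class name and helper methods are hypothetical; the feature URIs are the standard JAXP/Xerces ones.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedDocumentBuilderFactory {

    // Hypothetical helper; the hardened counterpart of a factory left at its defaults.
    public static DocumentBuilderFactory newHardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse any DOCTYPE: without entity declarations there is nothing to expand.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, should a parser implementation honour only some of these.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setExpandEntityReferences(false);
        f.setXIncludeAware(false);
        return f;
    }

    // Returns whether the given factory's parser accepts the document at all.
    public static boolean accepts(DocumentBuilderFactory f, String xml) throws Exception {
        try {
            f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            // With disallow-doctype-decl set, any DOCTYPE is rejected here before expansion.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a harmless internal entity is enough to show the DOCTYPE being refused.
        String withDoctype = "<?xml version=\"1.0\"?><!DOCTYPE r [<!ENTITY e \"x\">]><r>&e;</r>";
        String plain = "<?xml version=\"1.0\"?><r>ok</r>";

        // Baseline: a default factory expands entity references (the weak configuration).
        DocumentBuilderFactory defaults = DocumentBuilderFactory.newInstance();
        System.out.println("default factory accepts DOCTYPE document:  " + accepts(defaults, withDoctype));
        System.out.println("hardened factory accepts DOCTYPE document: " + accepts(newHardenedFactory(), withDoctype));
        System.out.println("hardened factory accepts plain document:   " + accepts(newHardenedFactory(), plain));
    }
}
```

Applications that must accept a DTD for legitimate reasons should keep the external-entity and external-DTD features disabled and drop only the disallow-doctype-decl line.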